Analysis

  • max time kernel
    25s
  • max time network
    35s
  • platform
    windows10-1703_x64
  • resource
    win10-20230703-en
  • resource tags
    arch:x64, arch:x86, image:win10-20230703-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    23-08-2023 20:02

General

  • Target

    https://1drv.ms/o/s!AhTM2cIkWVqugvo864CdQa-2enTEHQ?e=SsWP7D

Score
1/10

Malware Config

Signatures

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://1drv.ms/o/s!AhTM2cIkWVqugvo864CdQa-2enTEHQ?e=SsWP7D"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3256
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://1drv.ms/o/s!AhTM2cIkWVqugvo864CdQa-2enTEHQ?e=SsWP7D
      2⤵
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4616
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4616.0.756464813\1401482867" -parentBuildID 20221007134813 -prefsHandle 1684 -prefMapHandle 1676 -prefsLen 20936 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {98116dea-4542-41f0-8561-f2ccfc311025} 4616 "\\.\pipe\gecko-crash-server-pipe.4616" 1764 21c7b1f8e58 gpu
        3⤵
          PID:1360
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4616.1.151321553\677468039" -parentBuildID 20221007134813 -prefsHandle 2128 -prefMapHandle 2124 -prefsLen 21797 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd769cad-c7ee-434f-b3c3-8a445a7cd7bb} 4616 "\\.\pipe\gecko-crash-server-pipe.4616" 2140 21c68d71f58 socket
          3⤵
            PID:2140
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4616.2.1180683226\154655540" -childID 1 -isForBrowser -prefsHandle 3184 -prefMapHandle 3180 -prefsLen 21835 -prefMapSize 232675 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {adb12e4b-d21f-4972-910b-11c3d9c8bdc7} 4616 "\\.\pipe\gecko-crash-server-pipe.4616" 3196 21c7f1f7b58 tab
            3⤵
              PID:4512
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4616.3.454851005\1502990408" -childID 2 -isForBrowser -prefsHandle 1032 -prefMapHandle 988 -prefsLen 26480 -prefMapSize 232675 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3419c1d2-7efd-4b43-a9df-1d89f664d774} 4616 "\\.\pipe\gecko-crash-server-pipe.4616" 3684 21c806f9c58 tab
              3⤵
                PID:1168
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4616.4.1760825468\1454722203" -childID 3 -isForBrowser -prefsHandle 4628 -prefMapHandle 4656 -prefsLen 26539 -prefMapSize 232675 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {26270941-2679-4bc9-8200-2fd35e5761bb} 4616 "\\.\pipe\gecko-crash-server-pipe.4616" 4676 21c80629e58 tab
                3⤵
                  PID:3732
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4616.5.600130590\1901989658" -childID 4 -isForBrowser -prefsHandle 4804 -prefMapHandle 4808 -prefsLen 26539 -prefMapSize 232675 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {da2bc093-10dc-4011-aa78-0be2a8b53780} 4616 "\\.\pipe\gecko-crash-server-pipe.4616" 4796 21c818d7f58 tab
                  3⤵
                    PID:1792
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4616.6.247156217\1856673450" -childID 5 -isForBrowser -prefsHandle 4992 -prefMapHandle 4996 -prefsLen 26539 -prefMapSize 232675 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ce13602-2969-4e50-af82-c6e267246a79} 4616 "\\.\pipe\gecko-crash-server-pipe.4616" 4984 21c818d8258 tab
                    3⤵
                      PID:4508
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4616.7.1629947323\1604716430" -childID 6 -isForBrowser -prefsHandle 3300 -prefMapHandle 3304 -prefsLen 26795 -prefMapSize 232675 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd7ba8e2-63fa-4256-9ba9-d90fe932e30c} 4616 "\\.\pipe\gecko-crash-server-pipe.4616" 2352 21c7f1f9c58 tab
                      3⤵
                        PID:1132
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4616.8.1620274789\256146538" -childID 7 -isForBrowser -prefsHandle 2672 -prefMapHandle 2648 -prefsLen 26795 -prefMapSize 232675 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eafa17ac-c989-4b73-b644-c6faf19bfc18} 4616 "\\.\pipe\gecko-crash-server-pipe.4616" 5760 21c7e409e58 tab
                        3⤵
                          PID:3624
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4616.9.1932216725\1838682820" -childID 8 -isForBrowser -prefsHandle 2856 -prefMapHandle 2640 -prefsLen 26795 -prefMapSize 232675 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {799c4204-5466-481a-9b6c-72d35e0b76c8} 4616 "\\.\pipe\gecko-crash-server-pipe.4616" 3032 21c7e4c9258 tab
                          3⤵
                            PID:2848
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4616.10.215441817\124086342" -childID 9 -isForBrowser -prefsHandle 2656 -prefMapHandle 3020 -prefsLen 26795 -prefMapSize 232675 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {98eb6205-31d9-411b-9a7b-0041ed28e0b2} 4616 "\\.\pipe\gecko-crash-server-pipe.4616" 2724 21c7e4c8358 tab
                            3⤵
                              PID:3496

Network

MITRE ATT&CK Matrix

Replay Monitor

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 21KB
    MD5: 2a583993a6ca0e1ae26612a6bb73ef27
    SHA1: 6d2ee9ef00136738e3abdde936b6a90d838e6649
    SHA256: d4d6a04bb2c0f4d27dfee0151c6dfeebfe555fe3e1c22b0ebeb77013e7905451
    SHA512: 9f56a71cb3c89344170e32823b6259d319f5affe4bcd55fa7b8c2525d06aa1582c8122c26bbc019fc19076f78f63fdc71046f7534194442140859a1bf124eb53

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\prefs-1.js
    Filesize: 6KB
    MD5: 609bf76e7b436ac175582c572173ab4b
    SHA1: 0c721a08dc4558ad3ae3038e45582bd67116dd5a
    SHA256: d1f010c86792685ecdda51ad3355d2699ac23e230424ce1a5409b69e3df06293
    SHA512: 364f56102baed1b9a2ebf7cb9efe6b2b6374bcc2141b51f96843addceb4526d0924b1dff231e6e38da63338429ec0576c1703d24cf3cfd998733e3a485aaca1d

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB
    MD5: 424ed2dfc358800c73372a75d1c6435e
    SHA1: 69f8a2e1e5d095485c902aacc49fbbd17cd5d221
    SHA256: 1733160104d8f777dc12c56140269c2a4e1b73c389d2711da701801fcf2640ab
    SHA512: 66f1bdde7826ea356d3942334dc3334c51c87b86d92734da366de4b0fcc491f34b609f58ff188e0505a8e73867bd8d9f8e96fbecf9c22e45a13245ac15f94e93

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
    Filesize: 192KB
    MD5: e75cfc50a647370ddbe07b2554406909
    SHA1: 5d203409ba04bea2de5b3b4ab431d1170e2ffb61
    SHA256: ec330c440306bf865afbc8315224b2e86f7ee129b7687eb238a557256a370f75
    SHA512: ab2b7b8845c2aa1cf3f983ccd7f78635c45733c8698df67f3505a696a05a33d527afcace847297b7a461c59691771f65ef93ebc25e0af7f99686bb1f95b9b8df